(In reply to Reed Loden [:reed] (use needinfo?) from comment #1)
> Pretty sure the security team relies on this for bug bounty stuff. Might
> want to check with them.
dveditz, are you aware of any security processes that require searching attachment _content_ on bugzilla?
if so we'll have to find alternative ways to get the required data to you.
(i couldn't see any searches from your team in the logs when i looked at all of the data for march).

I'm not aware of searching for content, but we do occasionally search for attachment _description_. Once we get the Hall of Fame pages up we'll be using that even more (but again, not attachment content). We used to rely on these searches more but less so since adding the sec-bounty flag.

thanks dveditz :)
another change we'll need:
- determine attachment size when uploaded, and store it in a new column in the attachments table
- currently it's generated upon request, either by length(thedata) or -s $filename
- checksetup migration required to populate the column

(In reply to Reed Loden [:reed] (use needinfo?) from comment #5)
> Make sure you encrypt files at rest in S3. That's not done by default. You
> may also want to use AWS KMS for encryption as well.
both good points; i'll add them to the aws deployment bug.

- adds Bugzilla::Attachment::S3
- adds params
- adds way for a config class to check inter-dependant params
- tweaks to scripts/migrate-attachments.pl
- inlines Amazon::S3
- significantly lighter than Net::Amazon::S3
- Amazon::S3 appears to be abandoned, our copy incorporates a number of fixes
ping me on irc when you're ready to test .. i'll set up an s3 bucket for you under the ateam account.

Comment on attachment 8642300[details][diff][review]
1160929_1.patch
Review of attachment 8642300[details][diff][review]:
-----------------------------------------------------------------
Comments:
1. Nit; If we are only going to allow adding/removing buckets from the AWS console, and not from within Bugzilla, then I would just remove all of the methods dealing with
listing, adding, and removing of buckets in Bugzilla::S3. Less code to drag along and maintain.
2. Created my own AWS account with S3 bucket.
3. I was able to upload, download, and remove attachments of different types using enter_bug.cgi (standard and guided) and attachment.cgi (add, view and delete).
All operations completed successfully and meta data looked correct in AWS console.
r=dkl
::: Bugzilla/Attachment/S3.pm
@@ +49,5 @@
> +}
> +
> +sub exists {
> + my ($self, $attach_id) = @_;
> + return !!$self->{bucket}->head_key($attach_id);
til; Never used that notation before but now realize it is basically the same as undef ? 1 : 0; so it forces a boolean context :)
::: Bugzilla/S3.pm
@@ +505,5 @@
> +
> + return $buf;
> +}
> +
> +sub _trim {
Nit: could just use Bugzilla::Util::trim